generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

GH787: Fix ALPN

Browse Source 
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Todd Short
2016-03-05 08:47:55 -05:00
committed by Rich Salz
parent 892b9376b3
commit 1316ca80f4
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -9,6 +9,9 @@
[Todd Short] [Todd Short]
*) Add SSL_CIPHER queries for authentication and key-exchange. *) Add SSL_CIPHER queries for authentication and key-exchange.
*) Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
[Todd Short] [Todd Short]
*) Changes to the DEFAULT cipherlist: *) Changes to the DEFAULT cipherlist:

14
ssl/ssl_ciph.c
View File

@@ -2012,8 +2012,8 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr) const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
{ {
const SSL_CIPHER *c; const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
c = ssl->method->get_cipher_by_char(ptr);
if (c == NULL || c->valid == 0) if (c == NULL || c->valid == 0)
return NULL; return NULL;
return c; return c;
@@ -2037,10 +2037,8 @@ int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
{ {
int i; int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
if (c == NULL)
return NID_undef;
i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
if (i == -1) if (i == -1)
return NID_undef; return NID_undef;
return ssl_cipher_table_mac[i].nid; return ssl_cipher_table_mac[i].nid;
@@ -2049,6 +2047,7 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
{ {
int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey); int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
if (i == -1) if (i == -1)
return NID_undef; return NID_undef;
return ssl_cipher_table_kx[i].nid; return ssl_cipher_table_kx[i].nid;
@@ -2056,7 +2055,8 @@ int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
{ {
int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_auth); int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
if (i == -1) if (i == -1)
return NID_undef; return NID_undef;
return ssl_cipher_table_kx[i].nid; return ssl_cipher_table_kx[i].nid;